Sweet Justice

In the role of a support technician, when removing viruses we often hear phrases from our customers such as “If I ever meet the guy that made this…” or “Why can’t they catch the guy that’s doing this…?” These are fair statements and questions that often have no answer or resolution, due to the complicated (usually international) nature of computer malware.

With that in mind, on Monday, October 25th the Bredolab botnet was busted. Bredolab was one of the largest botnets wreaking havoc in the world. With an estimated 30 million infected computers, it had been spewing spam and other malware since at least early 2009. Much of the botnet was used to send fake emails designed to entice recipients into opening an attachment. Often these attachments claimed to be from UPS or another courier, notifying the recipient of a shipping invoice or a failed delivery. Once opened, the attachment would drop further (usually hidden) files onto the system, which would then contact the Bredolab command and control servers to fetch the main payload, a rogue antivirus or “scareware” program. Parts of the botnet were also rented out or sold to other groups with the same interests.
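The infection chain described above (a courier-themed lure, an attachment that is really an executable, and a download of the real payload afterwards) is exactly the pattern a mail gateway can triage with a few simple heuristics before anyone double-clicks. What follows is an added example written for this post, not code from the original article or from the investigators: the courier domain list, the lure phrases, the scoring weights and the four sample messages are all constructed assumptions for the demonstration. It scores a message on three signals at once (spoofed courier sender, shipping lure wording, executable or double-extension attachment) so that a lone installer from a coworker does not trip it but a fake “UPS invoice” with a `.pdf.exe` inside does.

```python
"""Heuristic triage for courier-themed lure emails carrying executable attachments.

Added illustration for this post, not the article's or any investigator's code.
The courier domains, lure phrases, weights and sample messages are constructed
assumptions chosen for the demo.
"""
import re
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Assumed legitimate sender domains per courier (constructed for this example).
COURIER_DOMAINS = {
    "ups": ("ups.com",),
    "fedex": ("fedex.com",),
    "dhl": ("dhl.com", "dhl.de"),
    "usps": ("usps.com",),
}
LURE_PHRASES = ("invoice", "failed delivery", "delivery failure", "undelivered",
                "parcel", "shipment", "tracking")
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
ARCHIVE_EXTS = {".zip", ".rar", ".7z"}
DOC_EXTS = {".pdf", ".doc", ".docx", ".txt", ".htm", ".html"}


@dataclass
class Attachment:
    name: str
    members: list = field(default_factory=list)  # inner file names when name is an archive


@dataclass
class Message:
    from_header: str          # e.g. 'UPS Services <noreply@ups.com>'
    subject: str
    attachments: list = field(default_factory=list)


_ADDR_RE = re.compile(r"^(?P<display>.*?)<(?P<addr>[^>]+)>\s*$")


def sender_parts(from_header):
    """Split 'Display <user@domain>' into (display, domain), both lowercased."""
    m = _ADDR_RE.match(from_header.strip())
    if m:
        display, addr = m.group("display").strip(' "'), m.group("addr")
    else:
        display, addr = "", from_header.strip()
    domain = addr.rsplit("@", 1)[-1].lower()
    return display.lower(), domain


def courier_mentioned(text):
    """Return the courier keyword found in text as a whole word, or None."""
    t = text.lower()
    for name in COURIER_DOMAINS:
        if re.search(r"\b" + name + r"\b", t):
            return name
    return None


def spoofed_courier_sender(from_header):
    """True when the display name claims a courier but the address is not on that courier's domain."""
    display, domain = sender_parts(from_header)
    name = courier_mentioned(display)
    if name is None:
        return False
    return not any(domain == d or domain.endswith("." + d) for d in COURIER_DOMAINS[name])


def suffixes(name):
    """All extensions of a file name, lowercased: 'a.pdf.exe' -> ['.pdf', '.exe']."""
    return [s.lower() for s in PurePosixPath(name).suffixes]


def executable_attachment(att):
    """Classify direct executables, double extensions (invoice.pdf.exe) and archives holding executables."""
    sfx = suffixes(att.name)
    if sfx and sfx[-1] in EXEC_EXTS:
        return "double extension" if len(sfx) > 1 and sfx[-2] in DOC_EXTS else "executable"
    if sfx and sfx[-1] in ARCHIVE_EXTS:
        for inner in att.members:
            isfx = suffixes(inner)
            if isfx and isfx[-1] in EXEC_EXTS:
                return "archive containing executable"
    return None


def score_message(msg):
    """Return (score, reasons); executable plus courier lure is the Bredolab-style combination."""
    score, reasons = 0, []
    if spoofed_courier_sender(msg.from_header):
        score += 2
        reasons.append("courier name in display name, non-courier domain")
    if courier_mentioned(msg.subject):
        score += 1
        reasons.append("courier named in subject")
    if any(p in msg.subject.lower() for p in LURE_PHRASES):
        score += 1
        reasons.append("shipping lure phrase in subject")
    for att in msg.attachments:
        kind = executable_attachment(att)
        if kind:
            score += 3
            reasons.append(f"{kind}: {att.name}")
    return score, reasons


def is_suspicious(msg, threshold=4):
    """An executable alone (3) is not enough; it needs at least one lure signal on top."""
    return score_message(msg)[0] >= threshold


# Constructed sample messages (not real captures).
SAMPLES = {
    "lure_with_double_ext": Message(
        "UPS Customer Services <ups-notify@mail-srv31.example>",
        "UPS Delivery Failure Notification - Invoice #4471",
        [Attachment("UPS_invoice_4471.pdf.exe")]),
    "lure_with_zip": Message(
        "FedEx <tracking@fedex-alerts.example>",
        "Your parcel could not be delivered",
        [Attachment("tracking_details.zip", ["tracking_details.exe"])]),
    "legit_courier_pdf": Message(
        "UPS <no-reply@ups.com>",
        "Your UPS invoice is ready",
        [Attachment("invoice_0921.pdf")]),
    "unrelated_exe": Message(
        "Bob <bob@corp.example>",
        "installer you asked for",
        [Attachment("setup.exe")]),
}


def classify_samples():
    """Map each sample name to whether the heuristics flag it."""
    return {name: is_suspicious(m) for name, m in SAMPLES.items()}


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        score, reasons = score_message(msg)
        print(f"{name}: score={score} suspicious={is_suspicious(msg)} {reasons}")
```

The point of the weighting is that no single signal decides: a genuine UPS invoice PDF scores 2 and an unrelated `setup.exe` scores 3, while the two lure messages score 6 and 7. In a real gateway the archive members would come from actually listing the zip, and the courier domain table would be maintained rather than hard-coded.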

The “man behind the mask” was Georg Avanesov, a 27-year-old Armenian who was making a nice living from other people’s ignorance, reportedly around $139,000 per month. Avanesov’s botnet ran on about 143 command and control servers hosted on rented space at LeaseWeb, one of Europe’s largest hosting providers.

It can be extremely difficult to track down those behind botnets, as they take great measures to ensure their true identities remain in the dark. However, a joint effort by Armenian, Dutch and Russian authorities, along with computer security experts, was able to track down and arrest the culprit. The botnet was then turned against itself: its command and control servers were used to send a message to every infected computer, letting the owners know their machine was infected and needed to be cleaned.

Armenia is currently holding Avanesov, and the Dutch have 40 days to file an extradition request, which they are currently working on. Penalties for “computer hacking” vary widely, from 18 months to 20 years in prison. This particular offense will probably land toward the upper end of that range.